Data Breach Bill Passes the Senate

Table of Contents

Share at:

Early this week the Senate passed the Privacy Amendment (Notifiable Data Breaches) Bill 2016 (Cth). The key amendment is the introduction of a mandatory data breach notification scheme, which will make it a legal requirement for entities regulated under the Privacy Act 1988 (Cth) to provide notice to regulators and customers affected by a data breach.

These laws will come into effect within the next 12 months. This is an opportune time for businesses to update their current security measures and privacy policy.

What is a notifiable breach?

Not every data breach will require notice. A breach will need to be reported by an organisation if it qualifies as an eligible data breach. An eligible data breach will occur when the following conditions are satisfied:

  1. That there is unauthorised access to or disclosure of information, or in circumstances that information is lost (and these actions are likely to occur); and
  2. A reasonable person would conclude that access or disclosure would be likely to result in serious harm to any of the individuals to whom that information relates.

Only data breaches likely to result in serious harm are required to be reported. Serious harm is not defined, however there is a list of relevant matters that organisations will need to consider when determining whether access or disclosure would be likely or not likely to result in serious harm. These include the sensitivity of the information, how the information is protected and the type of person that has obtained the information.

How will these changes affect businesses?

All entities regulated by the Privacy Act 1988 (Cth) will be legally required to notify the Australian Information Commissioner and those affected by a data breach. Entities subject to this new scheme include Australian Government agencies, not-for-profit organisations and businesses with an annual turnover of over $3 million. The Act also applies to some small businesses with an annual turnover of less than $3 million, such as:

  • Private Sector Health Service Providers (including gyms, weight loss clinics and alternative medicine practices);
  • Business that sell or purchase personal information;
  • Credit Reporting Bodies; and
  • Businesses that have chosen to opt-in to the Privacy Act

If your business is regulated by the Act and an eligible data breach has occurred the Australian Information Commissioner and those affected must be notified.

What happens if a business does not comply?

If an organisation fails to report on an eligible data breach it would be ‘deemed to be an interference with the privacy of an individual’. Serious or repeated interferences may result in a civil penalty of up to $360,000 for individuals and in the case of corporations up to $1,800,000.

Final Thoughts

Privacy and the protection of sensitive information is paramount. This amendment is an opportunity for businesses to evaluate and update their current security practices. To reassure your customers that their privacy will be protected while on your website, create a Privacy Policy for FREE.

Let us know your thoughts on the latest privacy data scare by tagging us #lawpath or @lawpath.

Share at:

Simplify creating legal documents today

Browse through Lawpath's AI tools which can be used to draft, review and refine legal documents today!

Related Articles

An Employers Guide to Redundancy Pay [With Calculator]

Learn how to calculate and manage redundancy payments in Australia. Your step-by-step guide to severance pay requirements and obligations.

Fixed Term Contracts: An Explainer

Considering hiring a fixed term employee? Or not sure whether they should be a permanent employee? Find all about fixed term contracts here.

How Do Probationary Periods Work?

Unsure whether your new employee is the correct fit? Why not try a probationary period? Learn what you need to know here.

How Long Should My Break Be As An Employee?

Employee breaks are key to preserving fair work rights, as well as ensuring a productive work place. Find out about your employee break entitlements here.

What Is The Difference Between Part-Time vs Casual Employment?

Do you want to know the differences between part-time and casual employment for your small business?

What is the Difference Between Casual vs Full-time Employment?

Do you want to know the differences between casual and full-time employment for your small business?